Citadel server UDS dangerous object not detected?

See: https://zeustracker.abuse.ch/monitor.php?host=94.242.216.38 with Citadel, see: https://www.virustotal.com/nl/file/90552de9c51651d4d07515ec0f3576c35e759a334f7621587eb0deef2e61fba2/analysis/
This one also missed see here: https://www.virustotal.com/nl/file/bb31f3373444714d6034d0ed366dbc10310b2c650b6d880716365c58c6e2a7f4/analysis/
Orexol Yxeri Qyzoh file
malware UPX 2.93 [LZMA] packed…being this file: http://www.isthisfilesafe.com/sha1/8BF89E34E2A1EB870D35ED9663DBA5BB0EFC6A01_details.aspx
http://www.istdiesedateisicher.de/sha1/8BF89E34E2A1EB870D35ED9663DBA5BB0EFC6A01_details.aspx
also detected as somoto adware: https://www.virustotal.com/nl/file/d2a2395339b643b89e4c1c423d7bbaa84aa174716fa6fdf7678803c3966b33f9/analysis/

polonus

When we do a search for ONEZ and 3uupKpwcQI
we get behavioral information here: https://www.virustotal.com/nl/file/bb31f3373444714d6034d0ed366dbc10310b2c650b6d880716365c58c6e2a7f4/analysis/
TCP connections
94.242.216.38:80 from where we started
173.194.78.147:80 source of security risk downloaders via Google search results: https://www.virustotal.com/nl/file/e5253dee22115f807c6b60b69d52bb605974dd31503c0d4717bf9627443f512b/analysis/
with the according incidents reported by VT: https://www.virustotal.com/nl/ip-address/173.194.78.147/information/ malware on google IP
and we stumble upon another VT result: https://www.virustotal.com/nl/file/354f0df2ba9d479067eb64c89163c0600fe1d436ecfb063646a784db938715a3/analysis/
and what is important for us, not detected by avast!
For ASN abuse see: http://urlquery.net/report.php?id=2405596
Hex Obfuscation of Script Tag % Encoding is detected through the avast! Web Shield as JS:Redirector-ZR[Trj] and blocked…
This is a shell code obfuscation IDS alert…

polonus